Lucene search
K

6939 matches found

Cvelist
Cvelist
added 2015/04/01 10:0 a.m.24 views

CVE-2015-0816

Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy, as...

9.7AI score0.67135EPSS
Exploits3References18
RedHat Linux
RedHat Linux
added 2015/04/01 7:47 a.m.14 views

Mozilla: Same-origin bypass through anchor navigation (MFSA 2015-40)

Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a similar issue to CVE-2015-0818...

7.5CVSS7.2AI score0.03269EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2015/04/01 12:0 a.m.24 views

CVE-2015-0801

Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a similar issue to CVE-2015-0818...

7.5CVSS7.4AI score0.03269EPSS
Exploits0References4
ArchLinux
ArchLinux
added 2015/04/01 12:0 a.m.49 views

firefox: multiple issues

CVE-2015-0801 same-origin bypass Mozilla developer Olli Pettay reported that while investigating Mozilla Foundation Security Advisory 2015-28, he and Mozilla developer Boris Zbarsky found an alternate way to trigger a similar vulnerability. The previously reported flaw used an issue with SVG...

7.5CVSS0.3AI score0.67465EPSS
Exploits4References24
UbuntuCve
UbuntuCve
added 2015/04/01 12:0 a.m.26 views

CVE-2015-0816

Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy, as...

5CVSS7.6AI score0.67135EPSS
Exploits3References4
Tenable Nessus
Tenable Nessus
added 2015/04/01 12:0 a.m.36 views

FreeBSD : mozilla -- multiple vulnerabilities (d0c97697-df2c-4b8b-bff2-cec24dc35af8)

The Mozilla Project reports : MFSA-2015-30 Miscellaneous memory safety hazards rv:37.0 / rv:31.6 MFSA-2015-31 Use-after-free when using the Fluendo MP3 GStreamer plugin MFSA-2015-32 Add-on lightweight theme installation approval bypassed through MITM attack MFSA-2015-33 resource:// documents can...

7.5CVSS8.8AI score0.67465EPSS
Exploits4References32
OSV
OSV
added 2015/04/01 12:0 a.m.3 views

UBUNTU-CVE-2015-0801

Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a similar issue to CVE-2015-0818...

7.5CVSS7.6AI score0.03269EPSS
Exploits0References5
OSV
OSV
added 2015/04/01 12:0 a.m.2 views

UBUNTU-CVE-2015-0816

Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy, as...

5CVSS7.6AI score0.67135EPSS
Exploits3References5
Kaspersky
Kaspersky
added 2015/03/31 12:0 a.m.58 views

KLA10525 Multiple vulnerabilities in Mozilla Firefox, Mozilla Firefox ESR, Mozilla Thunderbird

Multiple serious vulnerabilities have been found in Mozilla Firefox before 37.0, Mozilla Firefox ESR 31.x before 31.6, Mozilla Thunderbird before 31.6. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause a denial of service heap memory corruption and bypass an...

7.5CVSS10AI score0.67135EPSS
Exploits3References5
Mozilla
Mozilla
added 2015/03/31 12:0 a.m.67 views

resource:// documents can load privileged pages — Mozilla

Security researcher Mariusz Mlynski reported, through HP Zero Day Initiative's Pwn2Own contest, that documents loaded though a resource: URL, such as Mozilla's PDF.js PDF file viewer, were able to subsequently load privileged chrome pages. The privilege restrictions on resource: URLs was handled...

5CVSS9.1AI score0.67135EPSS
Exploits3References2Affected Software5
Mozilla
Mozilla
added 2015/03/31 12:0 a.m.42 views

Same-origin bypass through anchor navigation — Mozilla

Mozilla developer Olli Pettay reported that while investigating Mozilla Foundation Security Advisory 2015-28, he and Mozilla developer Boris Zbarsky found an alternate way to trigger a similar vulnerability. The previously reported flaw used an issue with SVG content navigation to bypass...

7.5CVSS8.8AI score0.03269EPSS
Exploits0References3Affected Software5
myhack58
myhack58
added 2015/03/26 12:0 a.m.16 views

Mozilla official rushed to repair the Pwn2Own contest on the disclosure of the Firefox browser vulnerability-vulnerability warning-the black bar safety net

3 on 1 8 March, the world's top hacker contest Pwn2Own2015 in Vancouver, Canada, opened the Battle screen, and the brightest great God recount, Mariusz Mlynski in a very short period of time compromised the Firefox get 3 0 0 0 0 $ a huge bonus. And Mozilla official at the end of the game...

1.2AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2015/03/25 12:0 a.m.23 views

SuSE 11.3 Security Update : Mozilla Firefox (SAT Patch Number 10524)

Mozilla Firefox was updated to the 31.5.3ESR release to fix two security vulnerabilities : - Security researcher ilxu1a reported, through HP Zero Day Initiative's Pwn2Own contest, a flaw in Mozilla's implementation of typed array bounds checking in JavaScript just-in-time compilation JIT and its...

7.5CVSS8.3AI score0.03677EPSS
Exploits0References7
myhack58
myhack58
added 2015/03/25 12:0 a.m.19 views

Adobe cve-2 0 1 1-2 4 6 1 vulnerability can still be exploited-vulnerability warning-the black bar safety net

A There have been four years of Adobe Flash patch did not correctly resolve the Flex application vulnerable issue, and the attacker still can exploit this vulnerability. Reportedly, this vulnerability affects the world Alexa rank of the top ten most popular sites in the 3 0 percent. Linkedln...

Exploits0
RedHat Linux
RedHat Linux
added 2015/03/24 12:31 p.m.7 views

Mozilla: Privilege escalation through SVG navigation (MFSA 2015-28)

Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation...

7.5CVSS7.2AI score0.03149EPSS
Exploits0References5
NVD
NVD
added 2015/03/24 12:59 a.m.19 views

CVE-2015-0818

Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation...

7.5CVSS7AI score0.03149EPSS
Exploits0References13
Prion
Prion
added 2015/03/24 12:59 a.m.26 views

Design/Logic Flaw

Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation...

7.5CVSS7.4AI score0.03149EPSS
Exploits0References13Affected Software3
CVE
CVE
added 2015/03/24 12:0 a.m.168 views

CVE-2015-0818

CVE-2015-0818 affects Mozilla Firefox (pre-36.0.4), Firefox ESR (pre-31.5.3 for 31.x), and SeaMonkey (pre-2.33.1). The root cause is a flaw in processing SVG hash navigation that bypasses the Same Origin Policy, allowing remote attackers to execute arbitrary JavaScript with chrome privileges. The...

7.5CVSS9.3AI score0.03149EPSS
Exploits0References13Affected Software3
Tenable Nessus
Tenable Nessus
added 2015/03/24 12:0 a.m.27 views

Debian DSA-3201-1 : iceweasel - security update

Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2015-0817 ilxu1a reported a flaw in Mozilla's implementation of typed array bounds checking in...

7.5CVSS7.6AI score0.03677EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2015/03/24 12:0 a.m.35 views

SeaMonkey < 2.33.1 Multiple Vulnerabilities

The version of Mozilla SeaMonkey installed on the remote host is prior to 2.33.1. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists due to an out-of-bounds error in typed array bounds checking within 'asmjs/AsmJSValidate.cpp', which relates to...

7.5CVSS7.8AI score0.03677EPSS
Exploits0References4
Rows per page
Query Builder